On the Security Requirements of Cryptographic Modules

With recent developments in information and communication technologies, the need of security products having cryptographic modules is increasing. Security requirements of cryptographic devices vary for different applications and usages. In this paper, a security model is described for different levels of cryptographic modules in different environments. This model is introduced by analyzing the security requirements given in the Federal Information Processing Standard Publication 140-3 (FIPS 140-3). The FIPS 140-3 specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive information in computer and telecommunication systems, and provides different security levels. It is concluded that while achieving security requirements with a cryptographic module such as encryption algorithm, signature schemes, key management issues, one has to check out design and implementation steps for the targeted environment, since each device has its own characteristics. These are called as conformance testing steps. Security model proposed in this study is designed after defining threats. Then, the required precautions are taken and functional requirements are selected. The proposed security model comprises of security levels, threat levels, cryptographically secure and approved algorithm requirements. Keywords: Security, operating system, access control;